Cybercrime gangs continue to go where the money is

According to the APWG’s new Phishing Activity Trends Report, phishing in the first part of 2018 surged 46 percent higher than late 2017. The total number of phish detected in the first quarter of 2018 was 263,538. That was up from the 180,577 observed in the fourth quarter of 2017. It was also significantly greater than the 190,942 seen in the third quarter of 2017.

Phishing Activity Trends Report

The phishing attacks of early 2018 targeted users of online payment services more than in any other industry sector, accounting for 39 percent of all phishing attacks. MarkMonitor also saw modest increases in phishing that targeted SAAS/webmail providers (19 percent of the total) and file hosting/sharing sites (11 percent). Phishing against banks’ brands dropped slightly, to 14 percent.

In other news, RiskIQ analyzed what domain names were used by phishers and found domain use generally matched market share among top-level domains and registrations.

“Because cybercriminals focus on the cost-benefit analysis of their activities, they like to register their domains with the cheapest, most common registrars,” said Yonathan Klijnsma, Head Researcher at RiskIQ. “This is why phishing domain use often correlates with the market share of top-level domains and why the web hosters associated with phishing sites—many of which come from compromised websites—are typically the largest ones. For instance, GoDaddy, the largest hosting provider in Q1 2018, was also the top registrar affected by phishing.”

PhishLabs continued its monitoring of the use of HTTP protection on phishing web sites. By the second quarter of 2018, PhishLabs more than a third of phishing attacks were hosted on Web sites that had HTTPS and SSL certificates, reflecting and the general increase in HTTPS deployment on the Internet.

Phishing Activity Trends Report

Crane Hassold, PhishLabs Director of Threat Intelligence, said, “Following the pattern we’ve seen over the past 18 months, the percentage of HTTPS phishing sites continues to grow and now comprises more than a third of all attacks globally. While some of this increase is due to the general adoption of HTTPS across the web, much of this trend has been driven by threat actors registering malicious domains and obtaining free SSL certificates to make their phishing sites appear more legitimate. As browsers add more negative visual indicators that cause general web users to become less trusting of HTTP websites, we expect this trend to continue and likely accelerate.”

Axur, the APWG’s observer in Brazil, recorded significant increases in web-based scams on sites like Facebook, and saw phishing via text messages.